This talk will cover the end-to-end use cases for sigstore, a free keyless signing service, in a software supply chain framework (SLSA, NIST SSDF). We will cover the key technologies and goals such as immutable audits and real-time continuous compliance.
Chainguard
Software Supply Chain Architect
John Osborne is a Software Supply Chain Architect at Chainguard focusing on end-to-end integrity of software artifacts. Most of his time is spent helping customers along their software supply chain journey with SLSA or NIST SSDF. He’s been active in cloud-native communities for the past 7 years. Prior to his arrival at Chainguard, he spent 9 years at Red Hat, most recently as the NA Practice L…
John Osborne is a Software Supply Chain Architect at Chainguard focusing on end-to-end integrity of software artifacts. Most of his time is spent helping customers along their software supply chain journey with SLSA or NIST SSDF. He’s been active in cloud-native communities for the past 7 years. Prior to his arrival at Chainguard, he spent 9 years at Red Hat, most recently as the NA Practice Lead for DevSecOps. He also spent 7 years as the Infrastructure Lead for a large U.S. Navy program and several years at a telco startup. He has his MS Software Engineering, MBA, and is also co-author of OpenShift In Action. He currently lives in Vienna, Virginia.
Cloud Native Computing Foundation
Organizer
CNCF
Organizer
Linux Foundation (CNCF)
Organizer
CNCF
Organizer
